I've installed a Joomla 1.6 template, and everything is working fine except 1 thing.
I have uploaded some .pdf-files somewhere in the file system and people who visit the site can view or download these pdf-files, but when I click on the link or trying to right-click and "Save as target" I get an error message like this:
Forbidden
You don't have permission to access
/path/filename.pdf on this server.
Additionally, a 404 Not Found error was encountered while trying to
use an ErrorDocument to handle the request. Apache mod_fcgid/2.3.6
mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server
at website Port 80
I've logged in as administrator and checked if I found anything that denies access to files with .pdf extension, but all I found was that it seems like a .htaccess-file is being created in the same folder as the .pdf-files just after I'm trying to open them in my browser.
The content of the .htaccess file that is being created is this:
deny from all
I have also tried to edit this files content to "allow from all", and tried to delete it too, but Joomla is just changing it back.
Anyone know why or what that prevents me from viewing or downloading the pdf-files?
If it's a UNIX/Linux server you can FTP in with a client that shows permissions like FileZilla. It's probably the permissions associated with the parent folder cascading down to these files. Try to see if you can upload an image to the images folder and if you can save it the same way you're trying to save the PDFs. If downloading the image to your machine works, I would then look at the permissions settings. If you're not sure which permissions to look for, check out this: http://www.tuxfiles.org/linuxhelp/filepermissions.html
Usually a client can download/view files with permissions of 644 or higher.
Related
I am trying to change the content of my site (it is a help site and I have gone from using one software package to another for creating it) and usually, I would just make sure that the content was in the root folder and all is good.
The issue is that when I change the content I get a 404 error, so I did some googling and put some code in the web.config file and now I get a 403 error! Then I tried everything I could and still get the 403.
If I change the content in the root folder back to the original, there is no problem and on another site I have, I can just add a folder then navigate to www.site.com/newfolder and it works fine.
I was getting "HTTP 403 error Microsoft Edge can’t get to this page", while launching an application from IIS in Windows 10. Please suggest a solution for this.
thanks
If all permissions are set and even though your website shows 403 forbidden, most likely the default page is not set for your website. With IIS, you can configure the default document as follows.
Connect to IIS.
Expand the sites and select the desired website.
From right hand side feature view, click on Default Document.
Set your desire default page and save the settings.
While you browse any website, IIS searches for the default page to be displayed. If the first default document is not available, IIS will look for the next default page from the list. When IIS is unable to find any match and directory listing is enabled for that particular website, IIS will show you the list of folders. If directory listing is disabled, IIS will return an HTTP Error 403 - Forbidden message to the browser.
If an empty application gives you a 403 I can think of two immediate reasons.
The permissions are wrong. You might need to give the application pool user (IIS AppPool\NAMEOFAPPPOOL with recommended configuration) read permission to the directory.
You don't have any content. If you try to access a directory in IIS you will get a 403. Add a file and try to access that directly, or a Default.aspx or index.html file to the directory you're trying to access.
Users who log in to an admin area of a website need to be able to download files that have been previously uploaded by other admins. Public access to these files is not allowed.
The files are held in a directory called uploaded-files and there is a .htaccess in that folder:
<FilesMatch "\.(pdf|doc|docx|ods|xls|xlsx|ppt)$">
Order deny,allow
Deny from all
Allow from localhost
</FilesMatch>
That seems to work ok.. The public can't link to the files. The trouble is that the logged in admins can't link to them either because:
<a href"uploaded-files/abc.pdf">download</a>
gives a 403 forbidden when clicked. So it seems php/html files on the server can't access the files either.
What am I doing wrong? Surely there is an easy way to allow people on the server to download files via a link but still deny access to public?
I've tried keeping the files outside the public_html but I can't provide a link to that location either :(
You should keep these files outside your DOCUMENT_ROOT.
Download links should be via a PHP file e.g. <a href"http://domain.com/download-files.php?file=abc.pdf">download abc.pdf</a>
php code can check for auth part and allowed host etc. If all validations pass then return content of PDF with proper CONTENT type to the browser.
is there a way to deny outside access to my upload directory ?! I don't want users to access my upload directory : www.example.com/uploads
i used .htaccess in the root of my upload folder however all the links were broken
in my .htaccess :
deny from all
any solution ?
If you wish to disable directory listing, simply place 'Options -Indexes' in your htaccess.
You've applied a 'deny from all', which essentially stops ANYONE from accessing files in the directory to which it applies.
Also make sure that 'AllowOverride All' is specified in the vhost definition, otherwise you are unable to override settings via the htaccess file. That is my understanding anyway.
If you wish to disable access to the upload directory, and control which files in specific users can access, I'd recommend going through a script written in a language such as PHP. A user requests a file from the script, the script looks to see if they're allowed to view the file. IF they are, they file is displayed. IF they aren't then it is not.
References
http://www.thesitewizard.com/apache/prevent-directory-listing-htaccess.shtml
http://mathiasbynens.be/notes/apache-allowoverride-all
Today I moved my website to a new hosting company (Verio). I've done this lots of times before, and I know that your website should go inside the "htdocs" folder.
Now usually when I use FileZilla, I can do a "Right Click" on a filename to get the URL of that file. This is the result of my root default file: ftp://test#test.com/www/htdocs/Research/index.php
However, on the web, the true URL of my default file is: www.test.com/Research/index.php
My index.php file is in the website root folder. Does anyone know why FileZilla would include the server folders "www/htdocs" as part of the URL? These folders should not normally be visible to the user.
OR, is this look correct?
That ftp url is correct. Your FTP account has access to the two folders (www/htdocs/) before the document root, as most hosting providers provide.
You are also correct to assume that http access is limited to the document root. (Meaning they cannot see www/htdocs/)